1. Field of the Invention
The present invention relates to cryptography. More particularly, the present invention relates to a multiple level security system and method for encrypting data within documents.
2. Background Information
The science of cryptography has existed for thousands of years. However, it is only within the last one hundred or so years that cryptography has become important to the general public, for example, first with the telegraph, then with radio and telephone communications, and presently in the information age that is typified by electronic communications over the Internet and computer networks of all kinds, both wired and wireless.
Given the long history of cryptography, many methods are available for generating cipher text from plain text, ranging from the simple to the very complex. The terms “cipher text,” “encrypted information,” “encrypted data,” and “encrypted transmission” are used interchangeably herein. Similarly, the terms “plain text,” “unencrypted information,” “unencrypted data,” and “unencrypted transmission” are used interchangeably herein. Regardless of the complexity of any individual cipher system, all seek to encode plain text as cipher text to prevent access to the encoded data or message by unauthorized parties. The terms “encode” and “encrypt” are used synonymously herein, as are the terms “decode” and “decrypt.”
Two common approaches to cryptography can be found in U.S. Pat. No. 3,962,539 to Ehrsam et al., entitled “Product Block Cipher System For Data Security”, and in U.S. Pat. No. 4,405,829 to Rivest et al., entitled “Cryptographic Communications System and Method”. The Ehrsam patent describes what is conventionally known as the Data Encryption Standard (DES), while the Rivest patent describes what is conventionally known as the RSA algorithm.
DES is based upon secret-key cryptography, also referred to as symmetric cryptography, and relies upon a 56-bit key for encryption. In this form of cryptography, the sender and receiver of cipher text both possess identical secret keys, that are, in an ideal world, completely unique and unknown to the world outside of the sender and receiver. By encoding plain text into cipher text using the secret key, the sender can send the cipher text to the receiver using any available public or otherwise insecure communication system. The receiver, having received the cipher text, decrypts it using the secret key to arrive at the plain text.
The security of data encrypted using DES depends largely upon the length of the secret key and, as alluded to previously, the secrecy of the secret key. DES encryption, as originally devised, utilized a 56-bit key. With the processing power of desktop computers ever increasing, the difficulty of divining a secret key from cipher text is rapidly decreasing. DES encryption, therefore, is a less secure form of cryptography than it was several years ago.
One solution that has been implemented to resolve the security issues surrounding DES is to encrypt data two or more successive times using the DES algorithm. Each successive level of encryption can use the same or different DES keys. If different keys are employed, careful selection of the keys is important, as some key combinations actually result in a less secure encryption than encryption using a single 56-bit key. Such a method of encryption, however, has been primarily employed as a stop-gap measure until the Advanced Encryption Standard (AES), that supports keys up to 256 bits in length and utilizes a different encryption algorithm, becomes more widely employed.
RSA encryption is based upon public-key cryptography. Two asymmetric keys are generated using two large prime numbers and a predefined mathematical relationship. The first key is kept private to a recipient, and the second key is made available to those who send data to the recipient. The mathematical relationship between the public and private keys enables the recipient of data encrypted with the public key to decrypt that data using the private key. The security of RSA is based upon the difficulty of factoring a very large number to discover the private key.
A commercial implementation of RSA is available from PGP Corporation of Palo Alto, Calif., and open source implementations are available at http://www.pgpi.org and http://www.gnupg.org (collectively, these RSA implementations are referred to herein as “PGP encryption”).